On 01/31/2014 11:19 PM, Mark Mulligan wrote:
You can add a text string at the end of the SVC statement
SVC Symantec_AntiVirus startup=automatic status=started "TEXT=Symantec_Endpoint_Protection"
It will display the text for the SVC so they are more human readable
Mark Mulligan
Associate Operations Engineer – Splunk and Xymon Admin
Thank you Mark,
That is a bit better.. however, for SVC test
HOST=SRV123 SVC D070AF2E-E343-40B9-9F23-45B8572309F4 startup=automatic status=started
without TEXT=, e.g. in alert emails for SRV123/svcs, the problem is described as
&red D070AF2E-E343-40B9-9F23-45B8572309F4: No matching service - want started/manual
but with "TEXT=ServiceA" added to the SVC definition, the description reads
&red ServiceA
I'd like to give the description "No matching service - want started/manual" to the poor operators getting these alert messages, so some kind of embedding would be needed. Where might this parsing be coded? I could look at the code. This is for 4.3.13, I'll upgrade to the latest level and see if this has been changed somehow..
Br, Juha Vuori